2 Replies Latest reply on Jan 19, 2010 1:07 PM by mfho1

    Trying to Understand Login and State Management

    mfho1

      Hi,

       

      I'm relatively new to Flex 3.  I'm using the builder.

       

      Here's my core problem.  I'm coming from a ColdFusion background, where users run to the server for any type of authentication and sessions rule until they're timed out.

       

      My goal is to understand how ColdFusion (with a SQL Server backend) and Flex work together to help a user log in and help that same user maintain its state.

       

      I understand so far that Flex can use a RemoteObject to go back and use ColdFusion services to authenticate a user.  I'd like to go this route.

       

      My problem is understanding how Flex maintains information about the particular logged-in user.  Am I correct in thinking that once I return information from ColdFusion about the user, I create a global object in Flex that keeps the user's information that I can refer to as I transition between the View States (states) in my Flex application?  And I can just refer to that local user object if I need to make sure I'm still dealing with the same user?

       

      Is it really that simple?  Also, I've been trying to review COUNTLESS articles on the Login/Authentication process.  One that I came across suggested placing a UUID on the server for a particular logged in user, and then I just return that back to Flex.  Does anyone recommend that?  I know that when I used sessions in ColdFusion, the server did this, so I'm not sure which routes to take.

       

      By the way, I'm designing an Intranet that's only accessible from our internal network, but I want my colleagues to be able to log in securely.  And like I said before, I'm using ColdFusion (and CF services), SQL Server, and Flex 3.

       

      I'm teaching myself Flex through the Video Training - Flex 3, but haven't seen much on this yet.  If someone could provide a good outline of the Best Practices to Login, Authenticate, and Maintain Session State throughout a Flex Application (using a ColdFusion and SQL Server backend), I'd be highly appreciative. 

       

      Thanks!

      mfho

        • 1. Re: Trying to Understand Login and State Management
          UbuntuPenguin Level 4

          If you're using a remote object, then your ColdFusion server should just have a session id for that particular user.

              Think JSession


          • 2. Re: Trying to Understand Login and State Management
            mfho1 Level 1

            Hi,

             

            Thanks for responding.

             

            Here's one solution I found located on http://www.blogna.org/blog/adobe-flash/flex-and-flash-rias-authentication-sessions-scalability/#comment-843

             

            1. A user submits their username and password inside a Flex form.
            2. ColdFusion Server receives the username and password and verifies them against the users in a database.
            3. If the user is valid, A KEY IS CREATED, stored in the database with a time stamp, then sent back to the user.
            4. The key is stored in a local variable inside the Flex application.
            5. Now, any time the application needs to retrieve data from a service that requires the user to be logged in, it will pass the key with the request. So, instead of a method like getUserInfo(), now it will look like getUserInfo(key).
            6. The service will use the key to determine if the user is authenticated, and if they are, it will send back the appropriate data.

             

            Here are my questions:

             

            1.  Do I have to have a key sent back to Flex?  Can't I just pull all of the data for that particular user at the time and send it back to Flex?

             

            I guess I'm not understanding first why I need a key or session id from ColdFusion, but if I do, I guess I could create it using the CreateUUID() in ColdFusion, send it back to Flex, store it in a local var and then reference that each time I needed to do something that's user sensitive.

             

            Would that work?

             

            I guess I'd prefer not to use a session ID if I don't have to.

             

            Thanks!

            mfho1
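
The six-step key flow quoted in the reply above, as an added example that is not part of the thread or of the linked article. It is a server-side sketch in Python with an in-memory SQLite database standing in for ColdFusion and SQL Server, so it runs on its own. The table names, function names, the 30-minute idle timeout and the sample account are all assumptions.

```python
import hashlib, hmac, secrets, sqlite3, time

TTL = 1800  # assumed idle timeout in seconds
db = sqlite3.connect(":memory:")  # stands in for the SQL Server database
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
db.execute("CREATE TABLE login_keys (key_hash TEXT PRIMARY KEY, name TEXT, seen REAL)")

def _pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()  # store only a hash of the key

def add_user(name, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, _pw(password, salt)))

def login(name, password, now=None):
    """Steps 2-3: check the credentials, create a key, store it with a time stamp."""
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _pw(password, row[0])):
        return None
    key = secrets.token_urlsafe(32)  # from the OS CSPRNG, so it cannot be guessed
    stamp = time.time() if now is None else now
    db.execute("INSERT INTO login_keys VALUES (?, ?, ?)", (_digest(key), name, stamp))
    return key

def user_for_key(key, now=None):
    """Step 6: resolve the key on the server; unknown or idle keys are rejected."""
    now = time.time() if now is None else now
    row = db.execute("SELECT name, seen FROM login_keys WHERE key_hash = ?",
                     (_digest(key),)).fetchone()
    if row is None or now - row[1] > TTL:
        db.execute("DELETE FROM login_keys WHERE key_hash = ?", (_digest(key),))
        return None
    db.execute("UPDATE login_keys SET seen = ? WHERE key_hash = ?", (now, _digest(key)))
    return row[0]

def get_user_info(key, now=None):
    """Step 5: getUserInfo(key). The user is derived from the key, never sent by the client."""
    name = user_for_key(key, now)
    if name is None:
        raise PermissionError("not logged in")
    return {"name": name}

if __name__ == "__main__":
    add_user("alice", "constructed-sample-password")  # constructed sample account
    k = login("alice", "constructed-sample-password")
    print(get_user_info(k))
```

The client holds only the opaque key; every protected call looks the user up from it on the server, so a request carrying a forged or stale key gets no data.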